3 matches found
CVE-2025-11670
CVE-2025-11670 affects Zohocorp ManageEngine ADManager Plus prior to version 8025. The root cause is NTLM Hash Exposure, and exploitation is restricted to technicians who have the Impersonate as Admin option enabled. Public references consistently cite version 8025 as the fixed/target version. No...
CVE-2025-66625 Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality
Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...
CVE-2025-66625
CVE-2025-66625 affects Umbraco CMS (ASP.NET) versions 10.0.0–13.12.0. During the dictionary upload process, unsafe handling/deletion of temporary files enables a backoffice attacker to trigger predictable requests to temporary file paths, causing error responses (HTTP 500 if a file exists, 404 if...